CVE-2021-3604

CRITICAL

Primion-Digitek Secure 8 - Blind SQL Injection

Title source: llm
STIX 2.1

Description

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0163
EPSS Percentile 73.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
primion-digitek/secure_8 1.0.1.55
Published Jun 18, 2021
Tracked Since Feb 18, 2026